Security Bytes

Jan 3 2008   7:19AM GMT

Ransomware locks you out, demands $35

Leigha Leigha Cardwell Profile: Leigha

Sunbelt Software CEO Alex Eckelberry warns in a blog posting that new ransomware is on the loose, locking up victims’ machines and demanding $35 to return functionality to the user.

The bad guys are using the Delf.ctk Trojan to hijack the PCs, and victims are told to dial a 900 number that can be traced to “,” a payment processor also used by hardcore pornography Web sites to charge for access to their content, Eckelberry wrote. He offers a step-by-step account of what happens, complete with screen shots the victims encounter.

Eckelberry says a search on the US 900 number shows the first link as passwordtwoenter com, which shares an IP with a number of other similar sites:

p2e com
chargemybill com
chargemyphonebill com
password2enter com
passwordtoenter com
passwordtwoenter com
phonetoenter com
pin2enter com
pintoenter com
pintwoenter com
ptwoe com

“Apparently, this is a payment processor that’s now being used for malware, whether they know it or not,” he wrote.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: